PayPal Transparent Redirect


Friday, May 29th, 2020

For use with PayPal Payments Pro (Payflow Version) and PayPal Payflow Pro

May 2020

FOCUS AREAS

  • Transparent redirect: what it is and how it supports PCI compliance
  • How does transparent redirect operate?
  • How do you incorporate transparent redirect into a website?
  • Are there any constraints on transparent redirect?
  • What PayPal solutions does transparent redirect collaborate with?
  • How can an independent merchant utilize transparent redirect for their business?
    • Novice merchant incorporating for the very first time
    • Current merchant adding on transparent redirect
  • What are the design restrictions when employing transparent redirect?

WHY USE TRANSPARENT REDIRECT

  • Merchants have expressed their desire for more PCI compliance support. Most do not wish to deal with payment data running through their servers.
  • In response, PayPal released hosted pages in partnership with Payflow Link and PayPal Payments Advanced.
  • Both merchants and developers voiced their need for a tool that grants them full command of their payment page. Transparent redirect was the solution.
    • Transparent redirect uses your custom website. However, all payment information is inconspicuously routed to PayPal’s server, minimizing your PCI compliance worries.
  • Transparent redirect enables merchants who want a completely customized solution, and/or are worried about relinquishing control via a hosted page, to be PCI compliant.

STANDARD PAYFLOW INTEGRATION

  1. The customer chooses a product on your website and clicks on “Buy”. This automatically sends a request directly to the merchant’s server. The merchant’s server then sends the credit card information to the Payflow Gateway.
  2. The Payflow Gateway takes the transaction through the payment processing network (e.g. card associations, acquiring banks, etc.)
  3. The gateway gives its response back to the merchant’s server.
  4. The merchant’s server shows the final result to the customer.

PAYFLOW INTEGRATION WITH THE USE OF HOSTED PAGES

  1. The customer chooses products on your website and clicks “Buy”. This in turn sends an automatic request to the merchant’s server.
  2. The merchant’s server then transmits a Secure Token call to the Payflow Gateway.
  3. Payflow then sends an API response back to the merchant’s server.
  4. You then pass the secure token to the customer’s browser, and the customer is redirected to the hosted page (whether it’s a full page redirect or a template that is embedded).
  5. The Payflow server then collects the amount as well as other transaction information by using the secure token. The customer types in essential data such as the credit card number and the expiration date. When the customer hits “Submit”, the data avoids your server entirely, easing your worries about PCI compliance.
  6. Payflow then processes the transaction through a payment processing network.
  7. Payflow redirects your customer to your “ReturnURL” as determined by the Secure Token call. (This is entirely transparent to the customer.)

THE PAYFLOW INTEGRATION SCHEME USING TRANSPARENT REDIRECT

  1. The customer selects products on your website and clicks “Buy”, which in turn transmits a request to the merchant’s server.
  2. The merchant’s server then forwards a Secure Token call to the Payflow Gateway.
  3. Payflow returns the API response to the merchant’s server.
  4. The merchant’s server shows the credit card fields or makes them readily accessible to the customer.
  5. The customer fills out the credit card fields and, after they press “Submit”, the details get sent to Payflow, completely avoiding your server and alleviating the PCI compliance worry.
  6. Payflow processes the transaction, using the payment processing network.
  7. Payflow then sends the customer to your “ReturnURL” as predetermined by the Secure Token call. (Also entirely transparent to the customer.)
  8. Your website displays the outcome to the customer.

THE PROS AND CONS OF USING TRANSPARENT REDIRECT

  • The Pros of using transparent redirect:
    • Relieves the burden of PCI compliance, as sensitive payment details do not go through the merchant’s servers.
    • The checkout page is completely hosted, designed, and customized by the merchant.
  • The Cons of using transparent redirect:
    • Merchants will not have access to checkout upgrades by PayPal. When new payment methods are introduced, they will need “custom integration” instead of only being “configurable” through the PayPal Manager.
    • It takes more coding as opposed to Payflow Link/PayPal Payments Advanced.
    • Pricier service (a subscription for PayPal Payments Pro and/or Payflow Pro is needed).

*Note: Merchants who are with PayPal Payments Pro are required to offer PayPal Express Checkout as a form of payment along with entering credit cards. As a result, transparent redirect will not be a way to avoid the “PayPal placement” as part of PayPal Payments Advanced.

KEY FACTORS ON CHECKOUT DESIGN WITHIN TRANSPARENT REDIRECT

The execution of transparent redirect will be similar to the use of a regular hosted page. However, if you are the one hosting the checkout page, you need to keep the following in mind:

  • You must have a PayPal Payflow Pro or PayPal Payments Pro (Payflow version) account.
  • Secure Token must be used.
  • The payment page must be able to collect the necessary information to clear a transaction, like the credit card number, the expiration date, and the CVV2.
  • The payment page must also have a PayPal Express Checkout button, integrated through Payflow.
  • If using transparent redirect, you can’t use https://manager.paypal.com. You will have to have your own receipt, email, CVV2 and AVS checks.
  • The security settings for both AVS and CSC must be turned off.
  • All email confirmations have to be turned off.
  • The receipt page must also be turned off.

If all the aforementioned are in place, you can begin using transparent redirect by adding a single additional parameter to the secure token call.

  • Set SILENTTRAN=True

Setting changes are not necessary in Manager.PayPal.com. However, there needs to be an active account within this system in order for transparent redirect to function.
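The transparent redirect flow above (steps 2 to 5) as an added Python sketch; it is not code from the original page or from PayPal. SILENTTRAN, CVV2 and the ReturnURL come from this page; the other parameter names (CREATESECURETOKEN, SECURETOKENID, TRXTYPE, AMT, ACCT, EXPDATE), the length-tagged name-value format and the test form host are assumptions to confirm against the Payflow Gateway Developer Guide, and all sample values are constructed.

```python
import html
import secrets

# Assumed Payflow test host for the browser's form post; confirm in the Developer Guide.
PAYFLOW_FORM_URL = "https://pilot-payflowlink.paypal.com"

def nvp_encode(params):
    """Length-tag every value (NAME[len]=value) so '&' or '=' inside it stays literal."""
    return "&".join(f"{k}[{len(v)}]={v}" for k, v in params.items())

def secure_token_request(creds, amount, return_url):
    """Step 2: body of the server-to-server Secure Token call. It holds no card data."""
    token_id = secrets.token_hex(16)  # unique per call; store it with the order/session
    body = nvp_encode({**creds, "TRXTYPE": "S", "AMT": amount,
                       "CREATESECURETOKEN": "Y", "SECURETOKENID": token_id,
                       "SILENTTRAN": "TRUE",  # the page's SILENTTRAN=True switch
                       "RETURNURL": return_url})
    return token_id, body

def parse_response(body):
    """Step 3: split the gateway's NAME=value&... reply into a dict."""
    return dict(p.split("=", 1) for p in body.split("&") if "=" in p)

def card_form(resp, expected_id):
    """Steps 4-5: card fields served by the merchant, posted by the browser to Payflow."""
    if resp.get("RESULT") != "0" or "SECURETOKEN" not in resp:
        raise ValueError("secure token call failed: " + resp.get("RESPMSG", "no RESPMSG"))
    if resp.get("SECURETOKENID") != expected_id:
        raise ValueError("response is for a different SECURETOKENID")
    hidden = "".join(
        f'<input type="hidden" name="{n}" value="{html.escape(resp[n])}">'
        for n in ("SECURETOKEN", "SECURETOKENID"))
    return (f'<form method="post" action="{PAYFLOW_FORM_URL}">{hidden}'
            '<input name="ACCT" autocomplete="cc-number">'
            '<input name="EXPDATE" autocomplete="cc-exp">'
            '<input name="CVV2" autocomplete="cc-csc">'
            '<button type="submit">Submit</button></form>')

# Constructed sample values, not real credentials or a real gateway reply.
SAMPLE_CREDS = {"PARTNER": "PayPal", "VENDOR": "examplemerchant",
                "USER": "exampleuser", "PWD": "p&ss=word"}

if __name__ == "__main__":
    tid, body = secure_token_request(SAMPLE_CREDS, "25.00", "https://shop.example/return")
    print(body)
    reply = f"RESULT=0&SECURETOKEN=CONSTRUCTEDTOKEN123&SECURETOKENID={tid}&RESPMSG=Approved"
    print(card_form(parse_response(reply), tid))
```

The form's action is the only place the card fields are sent, so a review of the rendered checkout page should confirm it points at the Payflow host and that no script on the page copies ACCT, EXPDATE or CVV2 to the merchant's own endpoints.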

NOVICE MERCHANTS – SELF INCORPORATED

How can a novice merchant receive the full benefits of transparent redirect?

  • You can purchase PayPal Payments Pro via telesales and tell them that you want to use transparent redirect. Also request a PayPal Payments Pro (Payflow version) account.
  • You can also buy Payflow Pro via any sales channel.
  • Make sure you integrate your account using the specific guidelines as mentioned in the Payflow Gateway Developer Guide.
    • Enter the secure token and SILENTTRAN, the transparent redirect parameter, when requested.

CURRENT MERCHANTS – SELF INCORPORATED

How can current merchants take hold of transparent redirect?

PayPal Payflow Pro or PayPal Payments Pro (Payflow version)

  • A secure token must first be added by the developer.
  • You must ask merchant services to move your Payflow account to v2. This is at no additional cost.

PayPal Payments Pro 3.0

  • At this point, you would need to start from scratch with a new Pro account. All transaction history will be lost.
  • If you used the PayPal integration method, you would need to rework the technical integration.
  • If the Payflow integration has been used, you would need to add a secure token.

MERCHANTS AND THE USE OF CARTS

  • Merchants who are planning to use PayPal Payments Pro and/or PayPal Payflow Pro along with a shopping cart, and would like to use transparent redirect, must ask the shopping cart provider whether it has integrated that feature.
  • Although it is free of charge for the cart to upgrade to transparent redirect, this requires an extra step of development.
  • The cart could already have acquired PCI certification, making transparent redirect unnecessary.
  • If the cart is unclear and wants more clarification on how to fully integrate with transparent redirect, they can connect with their PayPal relationship manager or account manager.
  • A merchant who currently has a PayPal Payments Pro account needs to create a PayPal Payments Pro (Payflow version) account to use transparent redirect.
  • A current PayPal Payments Pro (Payflow edition) or Payflow Pro merchant needs to upgrade their account to v2 to use transparent redirect. It’s completely free; just contact merchant services.
